About AdvancedSetup

Profile Information

Well I suppose as the Online Support Manager for Malwarebytes I can represent Malwarebytes
Also having supported SAS many years ago as a forum member I think I know both products pretty well.
http://forums.malwar...p?showuser=2065
Thanks

No one ever claimed it was universally compatible with any other security software. However in most cases it is quite compatible. Oh believe me I've spent more than a few hours on many of these other forums and in most cases the user giving the advice that it is not compatible doesn't even know how to setup exclusions.
I will admit that there are a couple Anti-Virus products that are very difficult for the average user to setup exclusions but that is simply due to the complexity of the interface of the Anti-Virus product. It can be setup, but is more difficult than most others.
Trend Micro Worry Free Business edition It can be setup, but even advanced admins seem to have trouble with this one
McAfee VirusScan Enterprise 8.x (this one ignores it's own exclusion setting and has documented it on their website as to be fixed in a future update)
McAfee Anti-Virus (ISP version) This version has a modified interaface that does not allow any exclusions to be set (highly recommend not using the product and if you really want McAfee spend the money and get the Full Retail version that does allow exclusions)
ESET NOD32 is the only Anti-Virus that I'm aware of that works with Malwarebytes Anti-Malware right out of the box with no exclusions
I'm open for technical discussion about this if you like JohnnySokko - please show me evidence that our prodcut is not compatible and if I can confirm your statement I'll say so here. At this time the only one that I'm aware of is the McAfee version supplied by some ISP companies - all the others work if exclusions are setup correctly.
I'm not so sure that is true - It is possible though becuase the more security software you add to the mix the more difficult it will be for them to all work together properly. However I have seen more than a few users post that both are working for them. I have not personally tested all 3 in combinations with different AV so I can only go by what some users have posted.
Not sure who qualifies as an "Expert" as even most helpers with training do not spend hours and hours analyzing and debugging code at that level. Many certainly do not advise more than one Anti-Virus product because often they work at such a low leve that it's often too difficult or unavailable to exclude the AV from each other adequately. However in many tests we have so far not found that to be true with Anti-Virus and Anti-Malware products in general.
Please see my response above. The reason more so is that the average user simply does not understand their computer well enough to know or ensure there is not an issue. It actually takes a lot of work and understanding what is happening and use of system monitoring tools to determine if there is an issue or not.
If the programs have not been adjusted to work with each other yes it's possible, however if you have Malwarebytes Anti-Malware setup with the proper exclusions then the user is not going to have an issue and will be better protected
Again, yes if run simply as they are or with no exclusions or improperly set exclusions then yes there is a potential for a conflict. With exclusions setup correctly though there should not be an issue.
Please provide proof of this conflict you're speaking of so that if there is one that we simply cannot get to work correctly and we'll add it to our FAQ.
Thanks

Sorry Greyghost didn't mean to step on any toes as I did say that IF he had an infection he should get that taken care of. I was not trying to do a Malware removal for him, just trying to clean up some stuff that may be an issue since he was saying he had already been through the cleanup process and was now in the General forum. I see now that you've posted that the user was infected. I didn't do any research on the files they just seemed like odd names so I mentioned them.
Thanks

Well I don't see anything that sticks out like a sore thumb that would be causing this rebooting.
You do have a LOT of software that is auto loading on startup that I'd remove for now and only re-enable auto start if really needed.
These items here could be legitimate but due to their time stamp and name they potentially could be suspicious and you might want to try to upload them to one of the Online Virus Submission Sites.
Jotti's malware scan is one of them.
[2008/08/14 10:04:36 | 00,030,592 | ---- | M] () -- C:\WINDOWS\system32\drivers\port135sik.sys
[2008/12/02 16:30:21 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\XXsuppdll.dll
[2008/12/08 11:35:00 | 00,000,063 | ---- | M] () -- C:\WINDOWS\System\SYSRegC.dll
I would recommend AUTORUNS from Microsoft to help disable auto running items. Don't delete the item, just uncheck it to keep it from running.
AutoRuns for Windows v9.36
I would also recommend removing Adobe Acrobat Reader 7 and update it to version 9
Also I would remove via the Add/Remove in Control Panel all of these old Java versions.
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 16
Java 6 Update 7
These are not the cause of rebooting but they are potential avenues of becoming infected so best to remove and install the latest versions.
By removing all thee auto running applications you should be able to get back in to Normal windows okay if MSCONFIG allows it to go back into Normal Windows. Then you can more granularly allow applications that you want to run on startup run and check out the results to pinpoint if one specific application is causing it.

Well you could report it to Microsoft but not sure there is any direct support without paying for it.
There is currently not enough direct information to show what might be causing it and I'm assuming you've already run multiple Antimalware and Antivirus routines and all of them come up clean. If that is NOT the case then you need to go back and do scans with multiple scanners to ensure the system is clean now.
I doubt this is the cause of the shut down, reboot cycling but please start here and see if you can correct the COM errors.
You may experience various problems after you install the Microsoft Security Bulletin MS05-051 for COM+ and MS DTC
You may have corrupted files on your disk. If this is Windows XP please try running the following.
First close ALL Applications as this routine will automatically restart your computer.
Click on START - RUN and copy / paste the following entry into the box and click OK
CMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30
This routine will show a LOT of information about your system that can help to track down what might be causing the rebooting issue.
Download this program OTListIt.exe to your desktop.
[*:3b6g7fde]Close all applications and windows so that you have nothing open and are at your Desktop [*:3b6g7fde]Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt. [*:3b6g7fde]Place a checkmark in the "Scan All Users" checkbox (Leave the 'Use Whitelist' checked' and the 'File Age:' at 30 days) [*:3b6g7fde]Click the Run Scan button [*:3b6g7fde]NOTE: Please be patient and let the scan run without using the computer [*:3b6g7fde]When the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop) [*:3b6g7fde]In Notepad, click Edit, Select all then Edit, Copy [*:3b6g7fde]Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or Righ click paste. [*:3b6g7fde]Submit your reply and close the Notepad window with OTList.txt [*:3b6g7fde]Also OTListIt's Extras.txt log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window [*:3b6g7fde]In Notepad, click Edit, Select all then Edit, Copy [*:3b6g7fde]Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log or Right click paste. [*:3b6g7fde]NOTE: If the files (OTListIt.txt, Extras.txt) do not appear in your taskbar, just open the files in notepad from your desktop.

Well you can't really "install" SAS onto a USB as it's not a functional operating system (unless setup as such)
You can copy both the SAS installer and stand alone definition update onto the USB drive though.
Database Definition Information and download

To get to the Event Logs click on START -> RUN and type in EVENTVWR and click OK
Then look in Application and System logs for RED items that will indicate failures of some type. This may give you a clue as to why the system is rebooting.

Might have better luck posting on a site that is dedicated to Hardware/Software issues. This site is dedicated to fighting Malware, though there are a lot of smart people here I would try searching Google for a dedicated site. (IMHO)

There are a few things that could be causing it. Might not be it, but until SAS support gets back to you maybe try taking a look at the HOSTS file and make sure that the sites you want to go to are not in the list. You could also delete the file and recreate it later on.
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
Notice that there is no extension on the file but it's just a normal text file and you can open it with NOTEPAD.
However I'm betting that it is the Malware you have on the system that is actually preventing it and blocking the other software installs as well.
There are a few things that can be done but I'll leave those answer to SAS support.

Please look in the Event Logs and see if it is logging what might be causing the failure to start in Normal mode as well.
Is there any error message displayed when it reboots or it never gets quite that far into the Windows logon?

Once your system is clean you should clear out the Restore Points and create new ones.
Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:
Turn off System Restore
[*:34zy4w2j]On the Desktop, right-click My Computer. [*:34zy4w2j]Click Properties. [*:34zy4w2j]Click the System Restore tab. [*:34zy4w2j]Check Turn off System Restore. [*:34zy4w2j]Click Apply, and then click OK. [*:34zy4w2j] Reboot.
Turn ON System Restore
[*:34zy4w2j]On the Desktop, right-click My Computer. [*:34zy4w2j]Click Properties. [*:34zy4w2j]Click the System Restore tab. [*:34zy4w2j]UN-Check *Turn off System Restore*. [*:34zy4w2j]Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Thanks, yes principle is correct - what can I say, it was late and I'm not an English Major
I never said you were sending any private information. I'm just saying you don't say or show what you're sending from within the program, which makes it a bit disconcerting is all. I know you're a very legitimate program and you're not doing anything wrong, just curious why you choose not to show or inform the user is all.

Well I would submit the file but sorry to say that I don't like your "Report False Positive" method.
You demand an email address (not so bad and I can do that, though not sure what is wrong with Anonymous as most others in this type of business allow anonymous reporting), but you then popup a dialog box and ask me to input why I think you should not detect it. If that was all there was to it then I see no reason why I can't do it here on the forum as I've already done, but you send a report of data from my system without showing me or telling me that you're going to do or what you're going to send. Sorry, but to me that is not appreciated at all and is just plain wrong. You write software to stop unsolicited information being transmitted, we use firewalls to stop similar activity, but yet you write the interface so that I have no option to say YES/NO or SHOW me what will be sent like most other applications do.
I'm sure you will not be changing your software just because of my dislike which is okay, I sent the report, but I won't be sending other FP this way, I'll just ignore them from now on until such a time comes that maybe you revisit your policies on the submission method currently used. For me it's a matter of principals and not really what you're collecting, just the fact you don't tell the user or offer them the option to OPT OUT.